Having The Big Cookie Talk

The crushing irony of digital privacy is that all attempts to address user and government concerns over data handling only serve to dramatize just how thorny, complex and consumer un-friendly the issue is going to become next year. To wit, the weird Facebook privacy setting "reforms" that only exacerbated concerns over social networks and the motives of publishers.

When Facebook prompted me weeks ago to revisit my privacy settings, even this social media dunderhead knew that its "simplified" system was veering me towards revealing more about myself to more people than I would like. Suddenly a "service" became a pushy "salesman" that was nudging me towards the items that rendered him a better commission. The end result was that suddenly I was suspicious of the motives of a provider that I had regarded as relatively benign up to this point.

But Facebook's problem is pretty much everyone's problem. In order to engage consumers with the privacy issue, ad networks and publishers first have to expose just how much diverse tracking they have been doing all along.

As my colleague Laurie Sullivan noted earlier this week, only about 6,600 people per week seem to be opting out of Google's ad targeting via its new ad preferences dashboard. According to the Zachary Rodgers ClickZ post that first discussed this issue, Google says that four times as many people adjust their settings in the dashboard as do opt-out.

I think it's a mistake to take these numbers as indicative of consumer disinterest, however.

Among the many boilerplate predictions being spewed left and right this week by all vendors and publishers, there was one from eMarketer that stood out. "In 2010, we will see more Websites let users know what data is being kept about them and give them options to remove data or prevent it from being accumulated. However, such transparency alone will undermine online advertising efforts."

If I read behind that prediction, I assume eMarketer means that many people will recoil once they are made aware of the dense network of cookies and beacons that track them. One of the problems with using Rodgers' figures about Google opt-outs is that Google is not doing much to push people to its ad preferences page. Moreover, the real recoil among consumers comes when they see the density of tracking mechanisms and multiple vendors at work on a common branded media site.

Earlier this year, when we looked at the research that Pace University Professor Cathy Dwyer was doing on the number of trackers on popular sites, she told us how her supposedly digital-savvy students respond to seeing how the sausage is made. "I do this with 18-, 19- and 20-year-olds, and once they find out this is going on they go ballistic. A few of them in one of my classes canceled their Facebook accounts," she told me.

In my experience with Google's Ad Preferences dashboard, there wasn't much opportunity to be taken aback by its tracking because it didn't seem to register much about me. Likewise the new Yahoo "Ad Interest Manager" has me down for music and games interest despite all my diverse travels on the site. Put in these terms, the tracking seems innocuous, and perhaps too patchy or incompetent anyway to worry a consumer much. But when a major media brand starts talking to a reader about the 20 or so ad networks and exchanges they never heard of who are tracking the consumer from the front door, I suspect there will be more cookie-shock than we have seen thus far.

There is still loads of room for consumers to be surprised and confused by the level of tracking that has become de rigeur for publishers and advertisers online. According to research that PrivacyChoice.org filed with the FTC in advance of its recent roundtable in Washington, only 27% of ad targeting companies surveyed enumerated policies that excluded their tracking from sensitive health and financial matters. The same study found that 55% of policies stipulate that anonymous profiles information is shared with partners.

Only 13% of firms state that they delete information on a user that is over 12 months old, and 65% have no declared deletion period at all. And despite the efforts of third party and association privacy groups like TRUSTe and the NAI, only about a fifth of targeting companies are overseen by one or the other. While oversight groups likely have a greater reach than that one-fifth statistic suggests, PrivacyChoice also found that of the 4.4 ad targeting companies present on the average site, less than half (2.1) were NAI members.

Assuming user disinterest about privacy and tracking is a big mistake, in large part because the full and honest discussion hasn't even begun yet. This is going to be more like having the sex talk with your kid. You need to inform without shocking, be accurate without getting icky, be complete without overwhelming them with more than they can handle.

Admittedly, my analogy has a central flaw, in that publishers and ad tech companies shouldn't be treating consumers like children. But like the big sex talk, the privacy talk is going to involve exposing consumers to the digital plumbing, which gets complicated and invites a knee-jerk response among many that's similar to first hearing about sex: "Well, I'm not going to do that!"

It's almost a year after the FTC released its initial guidelines for self-policing of behavioral targeting. Amazingly, an industry distinguished by its ability to communicate and persuade -- the media -- seem to be as tongue-tied on addressing privacy with its customers as a parent is when trying to explain birds and bees.

Coming from the behavioral targeting media space, I agree regarding the explosion of beacons from third parties incorporated in web sites, especially social media. Just look at the source code view of a site and at the top or bottom of a page and you can see which tracking vendor beacons are tracking your visits.

I see nothing wrong on having site tracker script like OPENTRACKER on your own site. Why not know who is visiting, duration and navigation; it helps site design. But if you are using ad network scripts, SEO code or ad auction triggers like Microsoft's ADEcn, then you have a privacy disclosure problem which no legislation can solve.

As I earlier commented on the explosive growth in using Flash cookies that browsers cannot block (without disabling Flash in general), this privacy problem will only get worse.

For now, there are only a few web analytics aggregators providing a broader view of any user across sites; however, I worry when direct advertising giants like AXciom ( www.Acxiom.com ) decide to expand their services into BT since they are connected to the credit scoring and financial services markets.

When your surfing habits (e.g., heavy porn user, buying drugs online, peer to peer file sharing) end up as an input into your FICO score - Watch out! [disclosure: I helped design the FICO score back in the 80's.]

It will also affect your insurance rates. Add in credit rates and percentage increases for mortagages, car loans and credit cards that Sylvia points out. As far I know, there are no laws to prevent it.

The problem is Social Media Networks should not be Advertising Platforms for serving Ads. They should charge for the technology and this preserve people's privacy. People willingly expose themselves on Twitter in ways that brands can listen in. Facebook offer free Fan Pages for Brands to attract and engage with consumers. But when the Companies themselves seek to use all this data to serve us advertising we all get freaked out. We feel watched in ways we don't want to be watched. End of story.

Steve Smith is the Editorial Director, Events at MediaPost where he oversees all OMMA and Insider Summit event content. He is also the longtime Mobile Insider/MoBlog columnist for Mobile Marketing Daily. A recovering academic who taught media studies at Brown and University of Virginia, he spent the last decade as a digital media critic for numerous publications and as a digital strategy consultant. He also writes for Media Industry Newsletter and eContent magazine. Contact him here.